Home/ Questions/Q 8012193
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T19:15:16+00:00

I am playing around with Mongoid (NoMySQL Database), DEVISE and CANACN I have read

  • 0

I am playing around with Mongoid (NoMySQL Database), DEVISE and CANACN

I have read the manual (https://github.com/ryanb/cancan/wiki/Role-Based-Authorization),
but I dont wanna use the “roleMask”-calculation. I wanna use an Array (or Hash) -field instead, containing the roles of a user.

class User
  include Mongoid::Document
  field :email, :type => String, :null => false
  field :roles, :type => Array, default: -> { ['User'] if new_record?}

Is this possible in any way? And when yes, how? 🙂

many thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Cancan doesn’t really care how your roles work – your ability file is pure ruby so the logic is entirely up to you. For example you might have this in your ability:

    can :manage, Product

    If you want to restrict this to users whose roles array contains a certain value then you could do

    if user.roles.include?('Admin')
  can :manage, Product
end

    Since your ability is just a ruby class you can do pretty much anything that you can express in ruby.

    There are multiple ways of dealing with inheritance, two are outlined in the cancan wiki.

    One way involves changing how you check for a role: if you had an admin? method, then instead of just checking for the presence of the admin role it would also check for the presence of any other roles that should inherit all of that access.

    Another way is to split your ability file into methods named after the role, for example all the statements for the editor role would be in the editor method, the manager method contains all the statements for the manager role etc. If for example managers need to inherit the access an editor has then call the editor method from manager.

    • 0